[PATCH] hardening: Enable i386 FORTIFY_SOURCE on Clang 16+
Kees Cook
kees at kernel.org
Fri Mar 7 22:57:06 UTC 2025
On March 7, 2025 1:47:34 PM PST, Nathan Chancellor <nathan at kernel.org> wrote:
>On Tue, Mar 04, 2025 at 09:50:44AM -0800, Kees Cook wrote:
>> On Mon, 03 Mar 2025 13:49:37 -0800, Kees Cook wrote:
>> > The i386 regparm bug exposed with FORTIFY_SOURCE with Clang was fixed
>> > in Clang 16[1].
>> >
>> >
>>
>> Applied to for-next/hardening, thanks!
>>
>> [1/1] hardening: Enable i386 FORTIFY_SOURCE on Clang 16+
>> https://git.kernel.org/kees/c/3e5820429980
>
>Turns out this is actually incomplete based on my testing, I see the
>following warnings with ARCH=i386 allmodconfig with all supported clang
>versions:
>
> warning: unsafe strcpy() usage lacked '__write_overflow' symbol in lib/test_fortify/write_overflow-strcpy-lit.c
> warning: unsafe strcpy() usage lacked '__write_overflow' symbol in lib/test_fortify/write_overflow-strcpy.c
>
>We also need to drop '-ffreestanding' from arch/x86/Makefile (which Nick
>has mentioned in [1]). Time to revive [2]? :) or just do it in this
>patch, since it sounds like there was no regression with GCC?
>
>[1]: https://github.com/ClangBuiltLinux/linux/issues/1583#issuecomment-1123016466
>[2]: https://lore.kernel.org/20200817220212.338670-5-ndesaulniers@google.com/
Oh good catch! Probably I need to do this in two patches just to be safe:
- make -ffreestanding be Clang only
- switch to version checks for FORTIFY and freestanding
That will split the changes for GCC and Clang into separate patches. Or maybe that's overkill?
-Kees
--
Kees Cook
More information about the Linux-security-module-archive
mailing list